
Comment Governments don't need to wait for Adobe (Score 1) 161

What if this technology is already available and being used in combination with man-in-the-middle attacks for the modification of communications in real time? A state-sponsored malicious actor can even start wars between unsuspected countries. Governments don't need to wait for Adobe to write software for their cyberwar arsenals.

The only way to (try and) guard against this that I can think of is cryptographically signing and verifying all important communications, whether between country leaders or between corporations. Maybe this is necessary for personal communications too.

Submission + - Android Spyware Targets Business Executives (helpnetsecurity.com)

Orome1 writes: Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a VP at a global technology company. The name of the malicious package is “com.android.protect”, and it comes disguised as a Google Play Services app. It disables Samsung’s SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher. The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on.

Comment Re:Those were marketing claims (Score 5, Interesting) 94

Indeed. Including the magic clause "[company] may rewrite the terms of service from time to time, and it's the user's responsibility to check the website periodically [...]" solves all future problems.

I always believed that no court in the universe will find this valid. Are you sure it's allowed in the US?

Submission + - NSA worried about implications of leaked toolkits (businessinsider.com)

wierd_w writes: According to Business Insider, the NSA is worried about the possible scope of information leaked from the agency, after a group calling themselves the "Shadow Brokers" absconded with a sizable trove of penetration tools and technical exploits, which it plans to sell on the black market.

Among the concerns are worries that active operations may have been exposed. Business Insider quotes an undisclosed source as stating the possibility of the loss of such security and stealth (e.g. privacy) has had chilling effects for the agency, as they attempt to determine the fullness and scope of the leak.

(Does anyone besides me feel a little tickled about the irony of the NSA complaining about chilling effects of possibly being monitored?)

Submission + - Snowden Speculates Leak of NSA Spying Tools Is Tied To Russian DNC Hack (arstechnica.com)

An anonymous reader writes: Two former employees of the National Security Agency—including exiled whistleblower Edward Snowden—are speculating that Monday's leak of what are now confirmed to be advanced hacking tools belonging to the US government is connected to the separate high-profile hacks and subsequent leaks of two Democratic groups. Private security firms brought in to investigate the breach of the Democratic National Committee and a separate hack of the Democratic Congressional Campaign Committee have said that the software left behind implicates hackers tied to the Russian government. US intelligence officials have privately said they, too, have high confidence of Russian government involvement. Both Snowden and Dave Aitel, an offensive security expert who spent six years as an NSA security scientist, are speculating that Monday's leak by a group calling itself Shadow Brokers is in response to growing tensions between the US and Russia over the hacks on the Democratic groups. As this post was being prepared, researchers with Kaspersky Lab confirmed that the tools belong to Equation Group, one of the most sophisticated hacking groups they've ever investigated. "Why did they do it?" Snowden wrote in a series of tweets early Tuesday morning. "No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack." In a brief post of his own, Aitel agreed that Russia is the most likely suspect behind both the Democratic hacks and the leaking of the NSA spying tools. He also said the NSA data was likely obtained by someone with physical access to an NSA secure area who managed to walk out with a USB stick loaded with secrets.

Submission + - Windows UAC Bypass Permits Code Execution (threatpost.com)

msm1267 writes: A Windows UAC bypass has been publicly disclosed that not only bypasses the security feature meant to prevent unauthorized installs, but can be used to run code on compromised machines without leaving a trace on the hard disk.

The bypass relies on Event Viewer (eventvwr.exe), a native Windows feature used to view event logs locally or remotely. Researcher Matt Nelson said he figured out a way to use eventvwr to hijack a registry process, start PowerShell and execute commands on Windows machines; he collaborated with fellow researcher Matt Graeber on a proof-of-concept exploit, which was tested against Windows 7 and 10. A report published today by Nelson said it would work against any version of the OS that implements UAC.

An attacker would already need to be on the machine to use this technique, Nelson said. The attack allows an admin user to execute code in a high-integrity context without requiring the user to approve the administrative action via the UAC pop-up.

Microsoft, the researcher said, does not consider UAC bypasses a security boundary worthy of a bulletin and patch. It's unclear how Microsoft will address this issue.

Submission + - Bad Programming Ideas That Work

snydeq writes: Cheaper, faster, better side effects — sometimes a bad idea in programming is better than just good enough, writes InfoWorld's Peter Wayner. 'Some ideas, schemes, or architectures may truly stink, but they may also be the best choice for your project. They may be cheaper or faster, or maybe it’s too hard to do things the right way. In other words, sometimes bad is simply good enough. There are also occasions when a bad idea comes with a silver lining. It may not be the best approach, but it has such good side-effects that it’s the way to go. If we’re stuck going down a suboptimal path to programming hell, we might as well make the most of whatever gems may be buried there.' What bad programming ideas have you found useful enough to make work in your projects?
